<!--#include file="GetDB.inc" -->
<%
    Dim sUser, sPass, strURL, strQstr
    
    sUser = Request.Form("txtName") & ""
    sPass = Request.Form("txtPass") & ""
    Session("userName") = ""
    Session("adminName") = ""
    strURL = "login.asp"
    'strQstr= request.Form("QUERY_STRING")
    'userOK = false

    Set Conn = Server.CreateObject("ADODB.Connection")
    OpenDBConn Conn, "..\bbs\delphibbs.mdb"
    Set RS = Server.CreateObject("ADODB.RecordSet")
    SQL="select * from admin where password='"&sPass&"' and username='"&sUser&"'"
    RS.Open SQL,conn,1,3
    if not RS.EOF then
    	Session("adminName")=RS("username")
    	Session.Timeout=15
    	strURL = "index.asp"
    	RS.close
    	Conn.close
    	Set RS = Nothing
    	Set Conn = Nothing
    	strURL = "index.asp"
    else
    	Set Conn = Server.CreateObject("ADODB.Connection")
    	OpenDBConn Conn, "..\bbs\delphibbs.mdb"
    	Set RS = Server.CreateObject("ADODB.RecordSet")
    	SQL = "SELECT * FROM Users where UserName='" + sUser + "'"
    	RS.Open SQL, Conn, 1, 2
    	if not RS.EOF then
				if sUser = RS("UserName") AND sPass = trim(RS("Passwd")) then
		    	Session("userName") = RS("UserName")
		    	if isnull(RS("DateTime")) then
		    		Session("LastTime") = ""
		   	 	else
		    		Session("LastTime") = CDate(RS("DateTime"))
		    	end if
			    Session.TimeOut = 15
			    RS("DateTime") = now    
			    RS("GetTimes") = RS("GetTimes") + 1 
		    	RS.Update				
			    Response.Cookies("User") = RS("UserName")
			    Response.Cookies("PassWD") = RS("Passwd")
		    	strURL = "index.asp"
	    	else
	    		strURL = "login.asp?login=error"
		  	end if	
			else
					strURL = "login.asp?login=error"
			end if
		end if
		
		Response.Redirect strURL
    
%>